dForce, a Chinese decentralized finance (DeFi) platform that recently experienced a hack that led to the loss of around $25 million worth of cryptocurrency, confirmed on April 27, 2020 that it will be compensating all its users for their stolen funds. This, after the digital assets were returned by the hacker.
On April 19, 2020, an external entity launched an attack on dForce’s lending protocol (called lendf.me). The hacker(s) were able to steal about $24.9 million in digital currency that was locked by the platform’s smart contracts. Only four days later, the attacker(s) returned the stolen assets back to dForce’s developers.
On April 27, the dForce team noted via Twitter that more than 90% of the crypto assets “have been distributed to users in less than 24 hours.”
The team added:
“100% users have been made whole in the recovery. We will disclose more future actions shortly.”
dForce’s developers stated:
“Given that hacker was only able to exchange a few assets before returning the funds, we have elected to rebalance most of the portfolio back to the last state prior to the contract being attacked and the pausing of the contract. The funds are secure, and we’re eager to return them.”
The dForce team went on to explain the procedures for withdrawing assets and loan repayment.
Users who may have outstanding balances on their individual accounts have the option to ask for fund withdrawals, which are handled on a case-to-case basis. Users who don’t make requests will have their assets automatically returned in about a week, the dForce developers said.
They added that if users had taken out loans via the lending protocol, then they must repay them within a week so that they are able to get their locked collateral back. If users don’t return the loans, then the dForce team will sell their collateral in order to take care of the outstanding loans. The remaining digital assets will be given back to the users, but the refunds will be issued in stablecoins.
There have reportedly been a number of phishing attempts that have tried to target dForce users. The dForce team warned users to only perform transactions via the protocol’s official website.
The lending platform’s developers added:
“While we are very much eager to inform the community of the action items we will be taking to ensure asset security and system robustness going forward, we do believe that returning the stolen funds to the users is the absolute priority at this moment.”